WebProNews » Dictionary
http://www.webpronews.com
Breaking News in Tech, Search, Social, & Business
Tue, 03 Mar 2015 20:11:58 +0000

Selfie, Hashtag, and More Added to Merriam-Webster Dictionary
http://www.webpronews.com/selfie-hashtag-and-more-added-to-merriam-webster-dictionary-2014-05
Tue, 20 May 2014 13:14:58 +0000

If you’re set to have a kid anytime after today, you should quietly weep for it–it’ll never grow up in a world where the word “selfie” isn’t in the official Merriam-Webster dictionary.

The famous Merriam-Webster Collegiate Dictionary is adding over 150 new words this year, and they’ve just announced a handful of them. The list of new words includes some trendy food words, but mostly tech and social media-related terms, which says a lot about the changing landscape of our society.

Or something like that.

Joining “selfie” (Oxford dictionary’s ‘Word of the Year’ last year) are the words “catfish,” “hashtag,” “tweep,” “crowdfunding,” “gamification,” and plain old “social networking.”

Some example definitions:

selfie, noun: an image of oneself taken by oneself using a digital camera especially for posting on social networks

catfish, noun: a person who sets up a false personal profile on a social networking site for fraudulent or deceptive purposes

crowdfunding, noun: the practice of soliciting financial contributions from a large number of people especially from the online community

gamification, noun: the process of adding games or gamelike elements to something (as a task) so as to encourage participation

hashtag, noun: a word or phrase preceded by the symbol # that classifies or categorizes the accompanying text (such as a tweet)

Strangely enough, “selfie” or “hashtag” isn’t the most interesting word added in 2014. That would go to “turducken,” which Merriam-Webster has finally added after being in existence for over 30 years. They describe it as “a boneless chicken stuffed into a boneless duck stuffed into a boneless turkey.” Yep.

Merriam-Webster is asking people to converse about all the new words by using the #MW2014NewWords hashtag on Twitter. Do you think they want us to use the #hashtag hashtag when discussing that specific addition?

Should Scrabble Add ‘Selfie’ to the Official Dictionary?
http://www.webpronews.com/should-scrabble-add-selfie-to-the-official-dictionary-2014-03
Wed, 12 Mar 2014 19:18:06 +0000

Scrabble and Merriam-Webster are about to publish the first new edition of the Official Scrabble Players Dictionary in over 9 years, and they want Facebook users to vote on one word that they must have included.

Fans of the game have until March 28th to cast their vote for the word that they most want added to the new edition of the dictionary. They can do this by nominating words in the comments section of this post, as well as liking their favorite “new” words.

As of right now, some of the suggested words include “selfie,” “photobomb,” “emoji,” and “amazeballs.”

I vote OK to “selfie,” I mean, it was the word of the year in 2013. I think I’m done with scrabble if my friends are able to play amazeballs–however, given the fact that it’s a 10 letter word, that would be quite the impressive play. Please god, anything but “twerk.”

“The Scrabble Word Showdown will let fans nominate and vote on words that are fun and relevant for today’s players,” said Jonathan Berkowitz, vice president of marketing at Hasbro. “We are excited to see which word rises to the top and makes its way into The Official Scrabble Players Dictionary.”

Scrabble and Merriam-Webster haven’t updated the official Scrabble Players Dictionary in a long time–the fourth edition was published way back in June of 2005. At that time, they added a couple of words that I’m sure have made your Scrabble experiences a lot more enjoyable: “qi” and “za.”

It’s kind of a bummer that they’re only letting the fans choose one new word–especially considering the fifth edition of the players dictionary will sport “thousands” of new words. But hey–this is a challenge ripe for manipulation. I know a few online communities with the ability to sway a vote. Start scouting urban dictionary for your favorite words, reddit.

ZOMG, NSFW Added to Oxford Dictionary
http://www.webpronews.com/zomg-nsfw-added-to-oxford-dictionary-2011-06
Sun, 05 Jun 2011 16:01:53 +0000

Language is always evolving. And nowadays, with the prevalence of internet use, texting, and social networking, it is evolving at an unprecedented pace.

Some new words have just been added to the Oxford Dictionaries Online, a related branch of the Oxford English Dictionary, but not exactly the same thing. Basically the ODO concerns itself more with current meanings and usage. If you want a longer explanation of the difference, one is available here.

The world of computers and social networking continues to be a major influence on the English language, with the introduction of badware, social graph, and network neutrality into our dictionary. And if you thought a breadcrumb trail was only useful to Hansel and Gretel – think again. The new additions also hint at the danger of sneaking a peek at the Twittersphere or other social networks whilst at work – not everyone is thoughtful enough to add the NSFW warning!

Cyber Monday – the Monday following Thanksgiving, promoted by online retailers as a day for exceptional bargains

infographic – a visual image such as a chart or diagram used to represent information or data

network neutrality – the principle that Internet service providers should enable access to all content and applications regardless of the source, and without favoring or blocking particular products or websites

newb (unfortunately not n00b, however) – short for newbie

NSFW – not safe (or suitable) for work (used in electronic communication to indicate that a particular web page or website contains explicit sexual material or other adult content)

permalink – a permanent static hyperlink to a particular web page or entry in a blog

Twittersphere – postings made on the social networking site Twitter, considered collectively

Today, Google is experimenting with Google Dictionary as an integrated part of search. The dictionary would be available on the side bar as a search option and would allow users to find definitions of words without using “define” within their search. The definition provided would come from the Google Dictionary, but would also include a section for web definitions below.

Google has offered a tool that categorizes search results based on reading level for some time now, but until now it has been an option tucked away in advanced search. It is currently displayed on the side bar among the other search options.

If you use this option, your results will be displayed using an indicator for how difficult the material is to read. Pages can be basic, intermediate or advanced. A query for quantum physics produces mostly advanced results.

A query for Kim Kardashian does not, as would be expected.

Different age groups and people with varying levels of professionalism might use this tool to filter out results they can’t use properly. Or, like me, sometimes you’re just too lazy to read anything difficult.

The all-cash deal will bring Dictionary.com, Thesaurus.com, and Reference.com into the Answers fold. Answers announced the buy today and touted the boost in page views and monetization Lexico should deliver.

Answers Chairman and CEO Robert Rosenschein said in a statement that they estimate "over 70% of our total traffic will now be direct from end users or people searching specifically for the term ‘dictionary’ in search engines."

This traffic should help the company boost its ad sales. Answers said Lexico’s properties generate about triple the page views Answers.com receives by itself. They also cited comScore data from June 2007 that indicated the combined sites should reach 22.5 million Internet users.

Dictionary’s good fortunes come from its distinctive domain name. Answers chief strategic officer Bruce Smith cited a Hitwise survey from 2006 that found ‘dictionary’ rated second for generic search terms people queried for online.

In that context, the Lexico deal looks a lot like Answers paid $100 million for the Dictionary.com domain, with the rest of the company tossed in as a bonus.

Google Translate Gains Dictionary Info
http://www.webpronews.com/google-translate-gains-dictionary-info-2007-06
Tue, 26 Jun 2007 22:12:36 +0000

I’ve taken classes in Spanish, French, and Latin (not by choice), and each of them sent people scrambling for various translation aids. Unfortunately, many of those aids were horrible (“the cow climbs up the tree”). Now Google’s stepping forward – alas, a little late for me – with new dictionary translations for Google Translate.

“Google’s automatic translation is handy for getting translations of complete sentences, paragraphs, and documents,” notes Miguel Garcia, a software engineer, on the Official Google Blog. “But when you need to translate a single word, a bilingual dictionary can be very useful because it gives you translations for the many possible meanings a word might have.”

The dictionary seems to be pretty up-to-date on French, Spanish, Italian, Korean, and, of course, English terms. The German translations are clearly marked “BETA,” though, and Philipp Lenssen writes, “Results are often good but not always.”

He later continues, “While some basic words can’t be found, Google’s related phrases feature often offers a great range of fitting proverbs.” This, at least, seems to remain true regardless of the language selected.

The one-to-one aspect of the dictionary translations will probably remain their strongest feature, however. Garcia explains, “Now, for example, if you want to know how to say ‘play’ in Spanish, you can use our dictionary translation and learn that depending on the context it can be ‘jugar’, ‘tocar’, or ‘obra’, among others.”

Live Search Defines Place In Dictionary
http://www.webpronews.com/live-search-defines-place-in-dictionary-2007-03
Tue, 13 Mar 2007 18:00:43 +0000

The online Merriam-Webster dictionary includes alternate links for more information about a term; among those links, visitors can find one going to Microsoft’s Windows Live Search.

This effort places Live Search in a logical place for people to find. It’s reasonable to think someone hitting Merriam-Webster for information is engaged in some research. Enabling a link from a definition to more information at Live makes sense.

Other links on Merriam-Webster point to content at a couple of other authoritative resources. Many definitions also point to partial content appearing on Encyclopedia Britannica, while health-related ones have links to HealthLine resources.

Microsoft has made efforts over the years to be more of a presence in fields where people in education would encounter their products. Once upon a time, Apple owned the education market, but that has changed thanks to heavy competition and a growing need for students to bring computers to school, particularly in college environments.

The Encarta encyclopedia has been a Microsoft staple for many years. Instead of visiting a bookshelf full of heavy paper copies and paging through them, people can search faster for topic content.

There’s also the need to promote the brand as back-to-school sales become much more prominent for many people. The demand is not as great as during the end of year holiday periods, but a lot of people want to purchase a new machine in August for their offspring.

Microsoft fell behind with its Vista consumer launch. They will have to make up some ground for lost holiday sales that affected their OEM partners as much as themselves.

Having tie-ins to valuable, educational properties like Merriam-Webster could be a selling point beyond the desktop/notebook/tablet PC. Since so many people carry powerful cellphones, and Merriam-Webster offers software for the Windows Mobile OS, maybe this Live Search tie-in hints at a future mobile focus on the mobile-using youth market.

Webster And AskMeNow Launch Mobile Dictionary
http://www.webpronews.com/webster-and-askmenow-launch-mobile-dictionary-2007-02
Thu, 15 Feb 2007 17:05:12 +0000

AskMeNow, a mobile search company, has partnered with Merriam-Webster, publisher of print and electronic English language references, to launch a mobile dictionary. Customers can access the dictionary by texting ASKME (27563). The service is available in the US and Canada.

Mobile users can also access interactive features such as Merriam-Webster’s Word of the Day, which is designed to improve vocabulary, and Open Dictionary, where members can create and submit their own new words and definitions.

The Open Dictionary feature appears to be more of an entertainment feature than something that should be taken seriously. For example this entry: “chyeah”(interjection): Informal form of “Yeah” or “Yes” Chyeah I will! Don’t look for that to become an official word anytime soon.

“Merriam-Webster is pleased to be working in tandem with AskMeNow Inc.," said James W. Withgott, Vice President and Associate Publisher of Merriam-Webster, Inc. "This partnership represents an exciting new way to utilize Merriam-Webster reference products, and offers a valuable new service to users."

Merriam-Webster plans to promote the service to its database of email subscribers who currently receive the word of the day and will also feature it on their Web site. AskMeNow will get the word out by featuring the service on its Web site and on the answers to relevant questions from its users.

"AskMeNow not only gives users accurate answers, we also provide the branded content users want most," said Darryl Cohen, AskMeNow CEO. "Our partnership with Merriam-Webster is another unique brand name offering, which makes a definition, synonym or spelling only a text message away. Additionally, this partnership will help to create a significant database of customers that receive daily content through the AskMeNow SMS code, insuring a steady stream of advertising revenue for both companies."

Google Gadget University Awards
http://www.webpronews.com/google-gadget-university-awards-2007-01
Tue, 16 Jan 2007 21:16:40 +0000

Google handed out awards for the best Google Gadgets by college students.

The winners list is a useful place to find maybe some new Gadgets for your personalized homepage, including a dictionary map, which shows relationships between words as an interactive graphic dictionary and thesaurus (MapMyWord Dictionary, Best overall universal gadget), a map that displays news headlines from around the world, a Gadget Maker that lets you turn any webpage into a Gadget, and a word-hunting game. The University of Southern California got noted as the top school for Gadget submissions.

Could USC offer a “Google Gadget 101” course? That would be pretty sweet.

Preventing a Brute Force or Dictionary Attack
http://www.webpronews.com/preventing-a-brute-force-or-dictionary-attack-2007-01
Wed, 10 Jan 2007 20:08:10 +0000

To understand and then combat a brute force attack, also known as a dictionary attack, we must start by understanding why it might be an appealing tool for a hacker.

To a hacker, anything that must be kept under lock and key is probably worth stealing. If your Web site (or a portion of it) requires a user to log in and be authenticated, then the odds are good that a hacker has tried to break into it. In terms of processing power, it is expensive for a Web site to require authentication, so it is usually only required when the site stores valuable private information. Corporate intranet sites can contain confidential data such as project plans and customer lists. E-commerce sites often store users’ email addresses and credit card numbers. Bypassing or evading authentication in order to steal this data is clearly high on a hacker’s priority list, and today’s hackers have a large library of authentication evasion techniques at their disposal.

Session hijacking attacks such as Cross-site Scripting can steal a user’s authentication token and transmit it to a malicious third party, who can then use it to impersonate the legitimate user. SQL injection attacks can also be very effective at bypassing authentication. By sending a specially-formatted username and password combination containing SQL code to the login form, an attacker can often trick the server into granting him unauthorized access. These types of attacks get a lot of attention since they are creative, elegant, and effective. However, there is another type of attack that can be just as effective, if not as elegant or creative. A brute force attack (or dictionary attack) can still be a dangerous threat to your Web site unless proper precautions are taken.

The brute force attack is about as uncomplicated and low-tech as Web application hacking gets. The attacker simply guesses username and password combinations until he finds one that works. It may seem like a brute force or dictionary attack is unlikely to ever succeed. After all, what are the odds of someone randomly guessing a valid username and password combination? Surprisingly, the odds for a brute force attack can be quite good if the site is not properly configured. There are several factors that work to the hacker’s advantage, the most important of which is human laziness.

Don’t Be Lazy – Choose a Password Carefully!

Generally, people do not remember complicated passwords very well. If users are allowed to create their own passwords, they will often create very simple ones like “password”, “1234”, their spouse’s name, or their favorite sports team. Passwords like these are easy for the user to remember, but unfortunately they are also easy for someone else to guess. Furthermore, any serious hacker who attempts a brute force attack will not be sitting at a Web browser, guessing at authentication credentials and typing them in. He will be using an automated tool for the brute force attack that can make thousands of requests per minute with credentials generated from a large list of possible values. Often this list is an actual dictionary, hence the term “dictionary attack.” If a user chooses a common password, such as a dictionary word, the automated tool will eventually guess it, and the user’s account will be compromised.

Also, once the brute force attack has revealed a valid username and password combination for one Web site, the hacker knows that the same combination is likely to work for other Web sites. In a study conducted by the University of Wichita, more than half of the test subjects reported using the exact same password for multiple sites. This laziness works to the hacker’s advantage. If, for example, a hacker is able to use a dictionary attack to obtain a valid user credential for Amazon.com, then it is probable that the same credential would be valid for other popular Web sites, such as eBay.

Sidestepping a Dictionary Attack with Username Selection

Of course, a password is only half of the required login credential. A username is also required. While it is less likely that a dictionary word would be used as a username, there are still some common usernames that hackers are certain to try with a brute force attack. First among these are “admin” and “administrator”. These names are especially dangerous since they are not only easily guessed, but the accounts they represent are usually highly privileged administrative accounts. If the hacker’s dictionary attack could gain access to an administrative account, he could probably do much more damage to the system than he could if he gained access to a regular user’s account.

Administrative accounts are not the only problem: many Web applications and Web application frameworks create default users during installation. If the site administrator does not remove these default users or at least change their passwords, these accounts will be easy targets for a dictionary attack. Finally, when users are allowed to choose their own usernames, they often choose their email address, since it is easy to remember. Once again, the user’s laziness is a benefit to a hacker using a brute force attack. Armed with a list of email addresses (perhaps obtained from a spammer) and a dictionary of passwords (easily obtained anywhere), an attacker has an excellent chance of breaking into at least one user’s account.

Countering a Brute Force Attack with a Strong Password Policy

The primary defense against a brute force attack must be enforcement of a strong password policy. As mentioned earlier, dictionary words make poor passwords. Password size is also important: the longer the password, the more difficult it will be to force. While there is no strict definition of a strong password that will be harder to determine via a dictionary attack, some good guidelines would be:

Minimum length of at least seven characters

Must include both upper and lower case characters

Must include numeric characters

Must include punctuation

These guidelines may seem overly strict, but there is little chance that a password created with these restrictions will be found with a brute force attack. There are almost 70 trillion combinations of characters that can be seven characters long and can include upper case characters, lower case characters, numbers, and punctuation. Even a dictionary attack tool that could make one hundred requests per second would still take over 11,000 years before it would be statistically likely to guess the password.

Obviously, most Web sites will want to block a dictionary attack much sooner than 11,000 years into the attack. Many organizations use an intrusion detection system (IDS) to detect an abnormally high number of requests coming from a single user. This is a good idea, but it is not sufficient to prevent the brute force attack. A clever hacker will simply reduce the bandwidth used by his automated tool until it falls under the alert threshold of the IDS.

Other Defensive Strategies – And Why They Don’t Work

Another common defense strategy against a dictionary attack is to automatically disable an account after a certain number of failed login attempts. For example, if the server detects that the user “bobsmith” has provided an incorrect password three times since his last login, the server might decide that the “bobsmith” account is the subject of a brute force attack and will disable it. The account may automatically reactivate after 30 minutes, or the user might have to contact the site administrator to have the account reactivated. In either case, automatically disabling user accounts is a poor security mechanism to fight a dictionary attack. In the first place, by disabling accounts the system has traded an authentication evasion vulnerability for a denial of service vulnerability. If an attacker can disable an account by incorrectly guessing its password three times every 30 minutes, he can effectively prevent that user from ever accessing the system. Imagine how damaging a dictionary attack could be if it were used against an administrative account.

In the second place, locking out accounts is ineffective against a brute force attack because this technique assumes that the attacker is keeping the username constant and varying the password. What if the attacker instead kept the password constant and varied the username? We already know that a large percentage of users use common passwords like “password”. A hacker using a dictionary attack could try “password” for each of the users in his username list, which would not only have a high chance of success, but would also evade the account lockout logic. An attacker could make thousands of login attempts, and even if every one of them failed, the system will only register one incorrect login per account.

A Better Defense: Incremental Delay

A better strategy for blocking any brute force attack is to incrementally delay the page response after failed login attempts. After the first failed login attempt, for example, the response would be delayed by one second. After the second failed attempt, the response would be delayed by two seconds, and so on. A one-, two-, or even six-second delay is probably not going to bother a human user too seriously. Certainly he will find it less irritating than having to wait 30 minutes for his account to reactivate because he accidentally left his caps lock key on. On the other hand, an incrementing delay can completely defeat an automated tool being used for a brute force attack. Assuming the tool could normally make ten requests per second, the time it would take to make one thousand requests would jump from two minutes to five days. This pretty much renders the brute force attack tool useless. An incrementing delay also solves the problem of the attacker holding the password constant and varying the username. Since the system tracks failed login attempts on a user session basis and not an authentication credential basis, the delay logic cannot be bypassed this way.

There is one serious shortcoming to the incrementing delay approach: state must be kept in order to record the number of failed login attempts by the current user. The dictionary attack tool can be set up to begin a new session on every request by never sending a session identification token to the server. In this situation, the server will not be able to track the number of failed logins, and the delay will not be properly applied. It is possible to track a user from his IP address instead of his session token, but this technique has problems as well. Sometimes multiple users share a single IP address, and sometimes a single user can change IP addresses between requests. While the incrementing delay technique is not perfect, in many cases it is a better solution to fighting a dictionary attack than the widely used practice of locking out accounts after failed login attempts.
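The comparison made in the last two sections, as an added example that is not part of the original article: the same constructed login attempts are replayed through a per-account lockout counter and a per-client incrementing delay. The class names, the `client_key` fallback from session token to IP address, the optional `max_delay` cap, and the sample credentials and addresses are all assumptions made for illustration.

```python
from collections import defaultdict


class AccountLockout:
    """Per-username failure counter: the account is disabled at the threshold."""

    def __init__(self, threshold=3):  # three failures, as in the article's example
        self.threshold = threshold
        self.failures = defaultdict(int)

    def record_failure(self, username):
        self.failures[username] += 1

    def record_success(self, username):
        self.failures.pop(username, None)  # counted "since his last login"

    def locked_accounts(self):
        return [u for u, n in self.failures.items() if n >= self.threshold]


class IncrementalDelay:
    """Per-client failure counter: the n-th failure is answered n seconds late."""

    def __init__(self, step_seconds=1.0, max_delay=None):
        self.step = step_seconds
        self.max_delay = max_delay  # assumption: optional cap, not in the article
        self.failures = defaultdict(int)

    def record_failure(self, client):
        """Return the number of seconds to hold the response for this client."""
        self.failures[client] += 1
        delay = self.failures[client] * self.step
        return delay if self.max_delay is None else min(delay, self.max_delay)

    def record_success(self, client):
        self.failures.pop(client, None)


def client_key(session_id, remote_addr):
    """Track by session token; fall back to the IP address when none is sent."""
    return f"sid:{session_id}" if session_id else f"ip:{remote_addr}"


def replay(attempts, valid_credentials):
    """Feed (session_id, remote_addr, username, password) tuples to both defenses.

    The delay is only summed here; a real handler would wait that long
    before sending the failure response.
    """
    lockout, throttle = AccountLockout(), IncrementalDelay()
    total_delay = 0.0
    for session_id, remote_addr, username, password in attempts:
        key = client_key(session_id, remote_addr)
        # Stand-in for real password verification against a hashed store.
        if valid_credentials.get(username) == password:
            lockout.record_success(username)
            throttle.record_success(key)
        else:
            lockout.record_failure(username)
            total_delay += throttle.record_failure(key)
    return {
        "locked_accounts": lockout.locked_accounts(),
        "total_delay_seconds": total_delay,
        "total_delay_days": round(total_delay / 86400, 1),
    }


# Constructed sample data (documentation IP ranges, made-up accounts).
VALID = {"bobsmith": "Tr1cky;pw"}

# One password tried once against 1000 usernames, no session token sent.
CONSTANT_PASSWORD = [(None, "203.0.113.7", f"user{i:04d}", "password")
                     for i in range(1000)]

# A legitimate user who mistypes twice, then logs in.
TYPO_USER = [("a1b2", "198.51.100.20", "bobsmith", "tr1cky;pw"),
             ("a1b2", "198.51.100.20", "bobsmith", "Tr1cky:pw"),
             ("a1b2", "198.51.100.20", "bobsmith", "Tr1cky;pw")]

# Three wrong passwords for one username: the lockout's denial of service.
ONE_ACCOUNT = [("c3d4", "192.0.2.44", "bobsmith", guess)
               for guess in ("password", "1234", "admin")]

if __name__ == "__main__":
    for name, attempts in (("constant password", CONSTANT_PASSWORD),
                           ("typo user", TYPO_USER),
                           ("one account", ONE_ACCOUNT)):
        print(name, replay(attempts, VALID))
```

The constant-password run never locks an account yet accumulates the article's roughly five days of delay, while the three-guess run disables `bobsmith` after only six seconds of delay.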

Carefully Word Your Error Messages

Finally, it is important to create appropriate error messages in response to failed login attempts. Many Web sites inadvertently aid hackers by providing overly helpful error messages. Consider the difference between the messages “User ID not found” and “Incorrect password.” These messages give a lot of information to a potential attacker. “User ID not found” tells the hacker that the user he is trying to determine via brute force attack does not exist in the system. There is no point in continuing to try different passwords for this username. He can continue on to the next username in the list, saving himself thousands of useless requests and hours of time. On the other hand, “Incorrect password” tells him that the username he has tried with his dictionary attack does exist, but that the password is wrong. Now he knows that he has a potential victim and can focus his efforts on breaking that user’s password. It is much safer for the application to respond with an ambiguous message like “Incorrect username or password” when a login attempt fails. There is no way to tell from this error which part of the credential was invalid. Therefore, there are no clues that a hacker can obtain from this error that can help him reduce his workload and break the system faster.
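The two styles of failure message side by side, as an added example that is not part of the original article. The user store, the PBKDF2 parameters and the function names are assumptions; the dummy record that makes the unknown-user path do the same hashing work goes one step beyond the article's point about message wording.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumption: illustrative PBKDF2 work factor
GENERIC_FAILURE = "Incorrect username or password"


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(password):
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


# Constructed user store: username -> (salt, password hash).
USERS = {"bobsmith": make_record("Tr1cky;pw")}

# Record checked when the username is unknown, so that both failure
# paths perform one hash computation and one comparison.
DUMMY_RECORD = make_record(os.urandom(16).hex())


def login_verbose(username, password):
    """The 'before' behaviour: the message reveals which half was wrong."""
    record = USERS.get(username)
    if record is None:
        return False, "User ID not found"
    salt, expected = record
    if not hmac.compare_digest(hash_password(password, salt), expected):
        return False, "Incorrect password"
    return True, "Welcome"


def login_uniform(username, password):
    """Hardened behaviour: one message for every failed login."""
    salt, expected = USERS.get(username, DUMMY_RECORD)
    matches = hmac.compare_digest(hash_password(password, salt), expected)
    ok = matches and username in USERS
    return ok, ("Welcome" if ok else GENERIC_FAILURE)


def failure_messages(login_fn, probes):
    """Regression check: collect the distinct messages returned on failure."""
    messages = set()
    for username, password in probes:
        ok, message = login_fn(username, password)
        if not ok:
            messages.add(message)
    return messages


# Constructed probes: an existing user with a wrong password, and an unknown user.
PROBES = [("bobsmith", "wrong-password"), ("nosuchuser", "wrong-password")]

if __name__ == "__main__":
    print("verbose:", sorted(failure_messages(login_verbose, PROBES)))
    print("uniform:", sorted(failure_messages(login_uniform, PROBES)))
```

A check like `failure_messages` fits in an application's test suite, asserting that the set it returns for the login handler always has exactly one element.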

Conclusion

In conclusion, sometimes old, boring attacks can work just as well as the new, exciting ones. Low-tech as it might be, a brute force attack can be very effective at compromising your Web application unless proper defenses are used. The first and foremost method of defeating a brute force attack is to require all users to choose a strong password. Passwords should be required to contain at least seven characters, with mixed upper- and lower-case letters, numbers, and punctuation. Also, consider implementing an incrementing response delay routine in your application in place of an automatic account lockout. Finally, be sure to display nondescript, ambiguous login failure messages such as “Invalid username or password.” Messages like this provide no extra information about the system that a hacker using a dictionary attack can take advantage of to lighten his workload. Following these guidelines will help you protect your application and your users from the brutes of the world.

Bryan Sullivan is a development manager at SPI Dynamics, a Web application security products company. Bryan manages the DevInspect and QAInspect Web security products, which help programmers maintain application security throughout the development and testing process. He has a bachelor’s degree in mathematics from Georgia Tech and 11 years of experience in the information technology industry. Bryan is currently coauthoring a book with noted security expert Billy Hoffman on Ajax security, which will be published in summer 2007 by Addison-Wesley.